DRI Today - Legal Research, Law Blog and Magazine Archives - Jason-M-ShinnDRI’s flagship publication for over 40 years, is a national, monthly publication that contains original writings on topics of professional interest to lawyers and others concerned with the defense of civil actions.http://forthedefense.org/
http://www.rssboard.org/rss-specificationBlogEngine.NET 1.6.1.0en-GBhttp://forthedefense.org/opml.axdhttp://www.dritoday.org/syndication.axdDRIDRI Today - Legal Research, Law Blog and Magazine Archives0.0000000.000000Willie Sutton & Misappropriation of Business Assets - "That's Where the Money Is"<p>
Willie Sutton, the infamous bank robber, when asked why he robbed banks is <a href="http://en.wikipedia.org/wiki/Willie_Sutton#An_urban_legend" target="_blank" title="wikipedia urban legend"><strong>credited</strong></a> with responding &quot;Because that&#39;s where the money is.&quot; In today&#39;s market place, the money is in a company&#39;s information, e.g., customer lists, pricing, methodology, know-how, research, development, and related proprietary and confidential information. And like the banks in Mr. Sutton&#39;s day, companies are increasingly finding they are being robbed of their information by unscrupulous departing employees and competitors. For example, in a recent BusinessWeek article (BW, Feb. 16, 2009), <a href="http://www.businessweek.com/magazine/content/09_07/b4119052687973.htm" target="_blank" title="Catch a Corporate Thief"><em><strong>To Catch a Corporate Thief</strong></em></a>, an employee resigned, but reported his company issued laptop stolen. It turned out this employee had been poached by the former employer&#39;s competitor and the stolen laptop was actually the get-away-car for business methodologies, system designs, customer lists, and related proprietary information.<br />
<br />
While there are a <a href="http://jshinn.wordpress.com/2008/12/01/remember-mr-murphy-when-it-comes-to-protecting-intellectual-property/" target="_blank" title="Defending the Digitial Workplace"><strong>number of measures</strong></a> companies can take to prevent or otherwise minimize business theft/unfair competition (For a great summary of&nbsp; non-compete considerations <a href="http://www.gruntledemployees.com/gruntled_employees/2009/02/how-to-lose-a-noncompete-case.html" target="_blank" title="great summary of non-compete"><strong>click here</strong></a>, Eight Ways to Lost a Non-compete Case), companies that fail to take such steps are left with the unsatisfactory choice of litigation or waiting for a &quot;thank you&quot; card from the benefactor of the competitive advantages you&#39;ve bankrolled over the years. In regard to litigation, companies have in recent years relied upon the Computer Fraud and Abuse Act&nbsp; (CFAA) to combat the theft of business information. See <a href="http://www.box.net/shared/5llcrefqm8" target="_blank" title="Mich Manufacture Insight-2008"><strong>Adding to the Playbook</strong></a>.<br />
<br />
The CFAA creates civil liability under specified conditions. For employers bringing suit against former employees engaged in wrongful conduct, the relevant conditions are generally where someone:<br />
<br />
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains- ...<br />
<br />
(C) information from any protected computer if the conduct involved an interstate or foreign communication; [or] ...<br />
<br />
(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value ...; [or]<br />
...<br />
(5)(A)(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage FN2; or<br />
(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage.<br />
18 U.S.C. &sect; 1030(a)(2), (4), (5)(A)(ii) and (iii); see also &sect; 1030(g) (providing for civil liability for violations involving certain conduct, including conduct causing a loss of at least $5,000 in value). Thus, paragraphs (a)(2) and (a)(4) apply only if the defendant accesses the computer<em> <strong>&quot;without authorization&quot;</strong></em> or <em><strong>&quot;exceeds authorized access,&quot;</strong></em> while paragraph (a)(5)(A)(ii) or (iii) applies only if the defendant accesses the computer <strong><em>&quot;without authorization.&quot;<br />
</em></strong><br />
There are two schools of judicial thought as to what <strong><em>&quot;without authorization&quot;</em></strong> or <strong><em>&quot;exceeds authorized access&quot;</em></strong> means.<br />
<br />
The first approach focuses on the defendant&#39;s intent or use of the information in finding liability under the CFAA. See, e.g., <em>International Airport Ctrs., L.L.C. v. Citrin</em>, 440 F.3d 418, 420-21 (7th Cir.2006); <em>Shurgard Storage Ctrs., Inc. v. Safeguard Self Storage, Inc.,</em> 119 F.Supp.2d 1121, 1124 (W.D.Wash.2000). In <em>Shurgard</em>, the court, in concluding that the plaintiff had stated a claim under paragraph (a)(2)(C) of the CFAA, held that the plaintiff&#39;s former employees had acted without authorization when they obtained information from the plaintiff&#39;s computers because, under agency law,&nbsp; the&nbsp; employee&#39;s authorization terminated when he allegedly became an agent of the defendant competitor during the act. See <em>Shurgard,</em> 119 F.Supp.2d at 1124. In <em>Citrin</em>, the court similarly held that the defendant&#39;s authorization to access the plaintiff&#39;s computer files had terminated when he violated his duty of loyalty to his employer imposed by agency law. See <em>Citrin</em>, 440 F.3d at 420-21.<br />
<br />
In contrast, under the second approach a number of courts have rejected the Shurgard and Citrin courts&#39; reliance on agency law in applying the authorization provisions of the CFAA. These courts generally find that a &quot;without authorization&quot; violation under the CFAA only occurs when initial access is not permitted and an &quot;exceeding authorized access&quot; violation occurs only when the defendant has permission to access the computer in the first place, but then accesses certain information to which he is not entitled. See <em>Condux Int&#39;l, Inc. v. Haugum</em>, (D. Minn. Dec.15, 2008);<em> Black &amp; Decker (US), Inc. v. Smith</em>, 568 F. Supp.2d 929, 933-36 (W.D.Tenn.2008); <em>Shamock Foods Co. v. Gast</em>, 535 F.Supp.2d 962, 963-68 (D.Ariz.2008); <em>Diamond Power Int&#39;l, Inc. v. Davidson</em>, 540 F.Supp.2d 1322, 1341-43 (N.D.Ga.2007); <em>Brett Senior &amp; Assocs., P.C. v. Fitzgerald</em>, 2007 WL 2043377, at *3-4 (E.D.Pa. July 13, 2007); <em>Lockheed Martin Corp. v. Speed</em>, 2006 WL 2683058, at *4-7 (M.D.Fla. Aug.1, 2006); <em>International Ass&#39;n of Machinists &amp; Aerospace Workers v. Werner-Masuda</em>, 390 F.Supp.2d 479, 498-99 (D.Md.2005).<br />
<br />
So what is the take-away for employers?<br />
<br />
Returning to Mr. Sutton, he packed a gun -- either a pistol or a Thompson sub-machine gun -- when he robbed financial institutions, noting, <a href="http://en.wikipedia.org/wiki/Willie_Sutton" target="_blank" title="&quot;You can't rob a bank on charm and personality.&quot;">&quot;You can&#39;t rob a bank on charm and personality.&quot;</a> Mr. Sutton, however, <a href="http://en.wikipedia.org/wiki/Willie_Sutton" target="_blank" title="Willie Sutton">reportedly</a> never carried a loaded gun because somebody might get hurt. In contrast (and metaphorically speaking) companies cannot afford to shoot blanks when it comes to protecting business critical information. At the outset, proper and reasonable measures should be implemented for protecting such information. For examples and considerations, <a href="http://jshinn.wordpress.com/2008/12/01/remember-mr-murphy-when-it-comes-to-protecting-intellectual-property/" target="_blank" title="Defending the Digital Workplace">click here</a>. However, if when these measures are not sufficient to prevent the theft of business assets, the CFAA is a great resource to have as backup. And even where courts have taken a narrower view of its applicability, proper planning in advance of litigation can provide a solid factual basis for a CFAA claim - just don&#39;t plan on relying on charm and personality: It didn&#39;t work for Willie Sutton (he spent half his life in prison) and it probably won&#39;t work for your company and (certainly not) your attorney.<br />
<br />
Jason M. Shinn<br />
Lipson Neilson Cole<br />
<a href="mailto:jshinn@lipsonneilson.com">jshinn@lipsonneilson.com</a>
</p>
<!-- AddThis button extension by Mayank Raichura -->
<!-- AddThis Button BEGIN -->
<div stype="padding: 5px;">
<script type="text/javascript">
var addthis_pub="blogengineextensionaddthis";
</script>
<a href="http://www.addthis.com/bookmark.php?v=20" onmouseover="return addthis_open(this, '', 'http://forthedefense.org/post/Willie-Sutton-Misappropriation-of-Business-Assets-Thats-Where-the-Money-Is.aspx', 'Willie Sutton & Misappropriation of Business Assets - "That's Where the Money Is"')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><img src="http://s7.addthis.com/static/btn/sm-share-en.gif" height="16" alt="Bookmark and Share" style="border:0"/></a>
<script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
</div>
<!-- AddThis Button END -->
http://forthedefense.org/post/Willie-Sutton-Misappropriation-of-Business-Assets-Thats-Where-the-Money-Is.aspx
Jason M. Shinnhttp://forthedefense.org/post/Willie-Sutton-Misappropriation-of-Business-Assets-Thats-Where-the-Money-Is.aspx#commenthttp://forthedefense.org/post.aspx?id=7a62c348-6111-4dee-9ee7-6c85ec402083Wed, 04 Mar 2009 04:56:00 -1200Employee TheftEmployment/Labor LawFraudIntellectual PropertyJason M. Shinnhttp://forthedefense.org/pingback.axdhttp://forthedefense.org/post.aspx?id=7a62c348-6111-4dee-9ee7-6c85ec4020830http://forthedefense.org/trackback.axd?id=7a62c348-6111-4dee-9ee7-6c85ec402083http://forthedefense.org/post/Willie-Sutton-Misappropriation-of-Business-Assets-Thats-Where-the-Money-Is.aspx#commenthttp://forthedefense.org/syndication.axd?post=7a62c348-6111-4dee-9ee7-6c85ec402083